Archive for the “Banking” Category

Our catch of phriday phish featured a particularly well-crafted email alleging to come from Bank of America. At first glance it looks authentic: official Bank of America graphics and text. The scammers even included warnings about identity theft and fraud in this message. (Click on the graphic below to see the full message text.)

Body of phishing scam allegedly from Bank of America

Body of phishing scam allegedly from Bank of America


But if you look more closely, there are two tell-tale signs that this message is a scam.

  1. No reputable bank is going to send customers email that reveals other customers’ email or contact information. Take a look at the way this message was addressed: (Click on the graphic below to see a larger image.)
    "Confidential" information sent to multiple addresses. A sure sign of a scam!

    "Confidential" information sent to multiple addresses. A sure sign of a scam!

  2. Hover your mouse over one of the links. I doubt that Bank of America wants you to go to a server in Sweden (.se) to enter your personal information. Don’t follow any of the links in this message. Just delete it. (Click on the graphic below to see a larger image.)
    Hover your computer mouse to see where the link really goes.

    Hover your computer mouse to see where the link really goes.

Are you a Bank of America customer who wants to check on your account? Don’t follow any of the links in this phish; instead, log in to the Bank of America site as you ordinarily would and look for security messages.

See a message like this one? Delete it.

Comments Comments Off

Here’s an example of a classic “tailored for UD” phishing scam that arrived in UD inboxes in late September.

Note that it tried to tie udel.edu with PNC–since the scammer knew that UD and PNC have a business arrangement. At first glance, it looks believable, even including some fake mumbo-jumbo about encryption at the end. But look carefully:

  • The From, To, and Reply-To fields are all spoofed Penn State addresses–not UD addresses.
  • Look at the typos: Pnc instead of PNC, Customers instead of customers’, the British
    spelling of unauthorised, etc.
  • Look carefully at the link the scammer wanted you to click. Notice how it does not lead to either a udel.edu address or a pnc.com address. If you were to click on it, it would try to take you to a file in a folder on a server at blogdns.org.

We reported this one to the proper authorities. And we urged the UD community to delete it.


From: PNC 
Subject: *** Online activity confirmation code MBQCKCJPHP
Date: 	September 23, 2011 9:27:51 AM EDT
To: 	support@tr22g10.aset.psu.edu
Reply-To: 	fhzqje@psu.edu

Dear customer,

Pnc Bank has been receiving complaints from our customers regarding unauthorised 
use of the Pnc Online Banking accounts. As a result we are making an extra 
security check on all of our Customers account in order to protect their information.

We now need you to re-confirm your account information to us.

If this is not completed by September 25, 2011, we will be forced to suspend 
your account indefinitely, as it may have been used for fraudulent purposes.

 To confirm your Online Banking records click on the following link:

http://www.pnc.com.studentsof.blogdns.org/pncbank.com/index.php?EDU=UDEL.EDU-241FF

Thank you for your cooperation in this matter.
Pnc Bank Customer Service

Please do not reply to this e-mail as this is only a notification. Email sent to 
this address will not be answered.

2011 Pnc Bank Corporation. All rights reserved.
Encryption Layer 128-bit
CBMCQSOWYMOIKJLIMTMHPQYWMUENPOBKKKEUXM

Comments Comments Off